RE: out of range LBA using sg_raw

From: Kashyap Desai
Date: Wed Mar 08 2017 - 11:16:00 EST

Next message: Andy Shevchenko: "Re: v4.11-rc1 boot time regression"
Previous message: Andy Lutomirski: "Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention"
In reply to: Bart Van Assche: "Re: out of range LBA using sg_raw"
Next in thread: Christoph Hellwig: "Re: out of range LBA using sg_raw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Bart Van Assche [mailto:Bart.VanAssche@xxxxxxxxxxx]
> Sent: Wednesday, March 08, 2017 9:35 PM
> To: hch@xxxxxxxxxxxxx; kashyap.desai@xxxxxxxxxxxx
> Cc: linux-scsi@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: out of range LBA using sg_raw
>
> On Wed, 2017-03-08 at 21:29 +0530, Kashyap Desai wrote:
> > Also one more fault I can generate using below sg_raw command -
> >
> > "sg_raw -r 32k /dev/sdx 28 00 01 4f ff ff 00 00 08 00"
> >
> > Provide more scsi data length compare to actual SG buffer. Do you
> > suggest such SG_IO interface vulnerability is good to be captured in
driver.
>
> That's not a vulnerability of the SG I/O interface. A SCSI device has to
set the
> residual count correctly if the SCSI data length does not match the size
of the
> data buffer.

Thanks Bart. I will pass this information to Broadcom firmware dev. May
be a Tx/Rx (DMA) related code in MR (also for Fusion IT HBA) cannot
handle due to some sanity checks are not passed.

>
> Bart.

Next message: Andy Shevchenko: "Re: v4.11-rc1 boot time regression"
Previous message: Andy Lutomirski: "Re: [v6 PATCH 00/21] x86: Enable User-Mode Instruction Prevention"
In reply to: Bart Van Assche: "Re: out of range LBA using sg_raw"
Next in thread: Christoph Hellwig: "Re: out of range LBA using sg_raw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]